Cyber Risk Manager
- Job Title
- Cyber Risk Manager
- Job ID
- Detroit, MI
- Other Location
Our History: From our start in 2009, Conexess has established itself in 3 markets, employing nearly 150+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies, to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record.
Who We Are: Conexess is a full-service staffing firm offering contract, contract-to hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project based work.
Cyber Risk Manager
The Cyber Risk Manager position at our client is a member of the Information Protection and Risk Management (IPRM) team. The 1st Line Cyber Risk Manager serves as a subject matter expert on the Information Technology & Information Security risk environment. The successful candidate will have extensive experience in IT Engineering and Information Security in a technology organization with additional experience working within a Risk and Compliance Framework. The position will require the ability to build relationships to interface with Business Units and other IPRM personnel to perform technical risk assessments to effectively identify Information Technology & Information Security risks within the environment.
- Perform and facilitate proactive Cyber Risk identification and management,
- Responsible for performing technical risk assessments to identify gaps in Information Technology and Information Security controls,
- Responsible to build strong relationships with aligned Business Units and partners to facilitate the identification, escalation and proper management of risks,
- Responsible for performing regular Application risk assessments to identify cyber risks within key applications
- Interface with 2nd Line Risk teams for proper escalation, management and analysis of risks, including trend analysis,
- Interface with Security Architects to assist in the identification of project related cyber risks,
- Act as Audit Support for 3rd Line and external audits related to aligned Business Units,
- Identify emerging risks, reporting issues and providing appropriate risk-based coverage for the enterprise and supported business units,
- Assist in the development and interpretation of enterprise Information Technology / Information Security Policies, Standards and Baselines.
- Working knowledge of common information security and technology risks, concepts and best practices related to:
- Network defense and secure network design
- Network, operating system, and application administration and management,
- Information Technology and Security vulnerability management,
- Secure software development
- Logging and monitoring
- Identification, authentication, and authorization mechanisms
- Data loss prevention
- A Combination of at least 5-10 years of experience in IT engineering, Information Security, Compliance and Risk Frameworks,
- Experience in the banking industry; preferably at a financial holding company (FHC)
- Knowledge and experience in performing assessments aligned with Federal Financial Institutions Examination Council (FFIEC) guidance, NIST, ISO and other information security-related standards such as SOX and PCI-DSS
- Security certifications preferred (e.g. CISSP, GIAC, or similar professional certification)
- Other Technology or Audit/Compliance related certifications a plus
- Advanced consultative skills with the ability to build collaborative relationships within all levels of an organization
- Strong written and oral communications skills including the ability to create organized and articulate summaries of risk assessment findings/points of view that are easily understood by teammates, LOBs, etc.
- Strong detail orientation with ability to research, compile, and report on data